Описание
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-4960
- https://github.com/silverstripe/sapphire/commit/fef7c32
- http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12
- http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6
- http://www.openwall.com/lists/oss-security/2012/04/30/1
- http://www.openwall.com/lists/oss-security/2012/04/30/3
Связанные уязвимости
nvd
больше 13 лет назад
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
debian
больше 13 лет назад
SQL injection vulnerability in the Folder::findOrMake method in Silver ...